1. Determine if the ITGC listed is a preventive or a detective and corrective control. ITGC...
Question:
1. Determine if the ITGC listed is a preventive or a detective and corrective control.

For each ITGC below, state: Preventive or detective and corrective.

- Changes to the IT application are tested by business and (or) IT users, as appropriate, prior to the move into production.
- The programs in the test environment (including tools to move the programs into the test environment) are accessible only by a limited number of authorized, appropriate people who don't have development responsibilities.
- The date and time stamp of the programs in the test environment are compared with the earliest user acceptance testing approval date and time prior to the move of the programs to the production environment to determine that no changes were made to the programs after testing.
- After changes are implemented, management periodically reviews changes to the IT application to validate that they were tested and approved prior to being moved to production.
- Changes to key configurations are logged and the log is reviewed by knowledgeable people who cannot change the configurations being monitored.
- Password settings are appropriate for the environment and level of risk.
- Passwords and other key security settings are verified quarterly for appropriate settings as defined by the policy.
- Access rights no longer needed by users who are leaving the entity's employ or who have changed job responsibilities are ended timely based on notification from HR or the user's supervisor or manager.
- Logs of the activities of people with access that created segregation-of-duties concerns are reviewed by knowledgeable people who do not have such access, or the changes are matched to approvals.
- Changes to the data made by users other than the IT application or IT application users are logged and compared with the requests and approvals for those changes by people without the access to make such changes.
- Programs and data are written to backup media at least weekly and stored in a physical location separate from the production equipment.
- IT personnel monitor the execution of the job schedule and take actions appropriate for the issues that arise.

2. For each identified ITGC risk, indicate if the risk is an access, change or operations risk and which ITGCs would mitigate the risk.

For each ITGC risk below, state: Type of risk (access, change, operations) and ITGC to mitigate the risk.

- Any unauthorized access to data, including data master files
- Direct data changes made by IT personnel, even with authorization
- Failure to make requested changes to IT programs or systems
- Hardware or software issues result in the loss of data or inability to accurately process data
- Inadequate user authentication and security settings, including password management
- Issues with IT programs that cannot process through to completion are not addressed or are addressed incorrectly, including inappropriate manual intervention
- Personnel with access beyond what is necessary
- Reliance on faulty IT programs or systems
Expert Answer:
Answer rating: 100% (QA)
Answer First the necessary response 1 manage the process of transformation 2 ...
Related Book For
Auditing and Assurance Services
ISBN: 978-0077862343
6th edition
Authors: Timothy Louwers, Robert Ramsay, David Sinason, Jerry Straws